2024-07-18 08:14:37 +00:00
|
|
|
id: mongod-exposure
|
|
|
|
|
|
|
|
|
|
info:
|
|
|
|
|
name: MongoD Server - Exposure
|
|
|
|
|
author: DhiyaneshDk
|
2024-07-23 07:16:49 +00:00
|
|
|
severity: low
|
2024-09-10 09:08:16 +00:00
|
|
|
classification:
|
|
|
|
|
cpe: cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
|
2024-07-18 08:14:37 +00:00
|
|
|
metadata:
|
|
|
|
|
verified: true
|
|
|
|
|
max-request: 1
|
2024-09-10 08:22:50 +00:00
|
|
|
vendor: mongodb
|
2024-09-10 09:08:16 +00:00
|
|
|
product: mongodb
|
|
|
|
|
shodan-query: html:"mongod"
|
2024-07-18 08:14:37 +00:00
|
|
|
tags: mongod,exposure,info-leak
|
|
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- raw:
|
|
|
|
|
- |
|
|
|
|
|
GET / HTTP/1.1
|
|
|
|
|
Host: {{Hostname}}
|
|
|
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
part: body
|
|
|
|
|
words:
|
|
|
|
|
- "<title>mongod"
|
|
|
|
|
- "List all commands"
|
|
|
|
|
condition: and
|
|
|
|
|
|
|
|
|
|
- type: status
|
|
|
|
|
status:
|
|
|
|
|
- 200
|
2024-09-12 05:14:01 +00:00
|
|
|
# digest: 4a0a00473045022100b9a807b420c74b76f17c5cfe829a66ab4c8a664d0e4f555efa37efe40d6b00ef022010e6c3f25eaff656e807b53a2f2a35cc358839662551506d12cf7dc40eb146c6:922c64590222798bb761d5b6d8e72950
|
